For about two years, the healthcare industry has come up against some major cyber threats. Ransomware especially has proven problematic — along with being a nuisance — as it can shut down entire systems and disrupt care.

This year saw the rise of wiper malware or ransomworms, where viruses masquerading as ransomware destroyed complete networks, data and service capabilities. But those attacks were just the beginning.

The ransomware evolution

In its recent threat prediction report for the coming year, McAfee highlighted the biggest threats facing all sectors, including serverless apps. But for healthcare, ransomware will continue to be the biggest hot-button issue.

To McAfee Chief Scientist Raj Samani, this year was just a glimpse of what the industry can expect going forward.

“The healthcare sector has probably suffered more than most, in terms of ransomware,” said Samani. “What we’re seeing today is the broken proliferation of ransomware — which really started in healthcare.”

The attack method will continue to evolve in the coming year. Hackers will not only attempt to lock down computers in the traditional sense, they’ll launch ‘pseudo-ransomware’ attacks: Viruses with hidden purposes.

Ransomware profitability has begun to decline as user education, security defenses and strategies improve to combat against the virus — which is the very reason hackers will continue to update and polish their attack methods, according to the report.

In fact, McAfee predicts that attackers will begin to target less traditional and more profitable targets with ransomware — like connected devices, those with high net worth and businesses. Hackers will pivot from ransomware in its traditional form to more of cyber sabotage and service disruptions.

“Ransomware will continue to be a threat and evolve, not to just encrypting data, but also to blackmailing data owners based on the content of the data,” said National Health Information Sharing and Analysis Center President Denise Anderson.

“Nation state threats will continue especially where organizations work in geopolitical spaces, and hacktivists are a wild card based upon political issues,” she added.

The industry already saw a preview of what’s to come during the WannaCry and Petya global attacks in the spring and early summer.

“The drive among adversaries for greater damage, disruption and the threat of greater financial impact will not only spawn new variations of cybercrime ‘business models,’ but also begin to seriously drive the expansion of the cyber insurance market,” according to the report.

To Samani, pseudo-ransomware is major challenge, as it may look like a virus — but its purpose is something entirely different. First seen in the financial sector, these viruses take hold of data and hold it for ransom.

However, no longer will hackers just lock down a screen or workstation, they’ll take the data. And if the organization refuses to pay up — the hackers will expose the private information.

The healthcare sector is no stranger to extortion: It’s actually been a major issue throughout 2017.

But the majority of the known breaches were carried out by notorious cybercriminal, TheDarkOverLord, who stole data from a number of organizations, including a nonprofit cancer foundation. TDO has proved there’s nothing off-limits to cybercriminals.

Leadership woes

What also may contribute to impending threats: Hospitals and leadership.

“The biggest threats hospitals face are themselves and their leadership,” said Anderson. “Many of the smaller organizations don't even have cybersecurity on their radar and place cybersecurity spending as a low priority.”

“End users and departments operate in silos and do not practice good cyber hygiene, such as password management and patching,” she continued. “Concentration on HIPAA and penalties steers complete focus to data protection, and not on overall operational security and resilience.”

To prepare, hospitals need to begin to take cybersecurity seriously and prioritize it from both an enterprise and business risk perspective, explained Anderson. Organizations can leverage one of the many frameworks — such as NIST or MITRE’s ATT&CK — to develop sound policies.

Further, the security message must come from leadership and permeate throughout every aspect of the organization, said Anderson. “By creating a culture that embraces cybersecurity versus shies from it, cybersecurity best practices and employee awareness and education will result.”